rthooks

package

v1.3.0 Latest Latest Go to latest Published: Dec 13, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/tetragon

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rthooks contains code for managing run-time hooks

Runtime hooks are hooks for (synchronously) notifying the agent for runtime events such as the creation of a container.

Different parts of the agent can register callbacks that will run sequentially when a RuntimeHookRequest is issued.

Specifically:

sensors can register their callbacks at init() using RegisterCallbacksAtInit which registers in these hooks in globalRunner.
after init(), GlobalRunner() can be used to retrieve this runner and pass it to the gRPC server code so that it can execute these callbacks when a RuntimeHookRequest is issued.
some of these hooks need access to pkg/watcher, so before passing the runner to gRPC server, we add the watcher as well. Hooks can access the watcher via the argument passed in the executed callback.
all callbacks are executed, i.e., if a callback returns an error execution of callbacks does not stop
if any callback fails with an error, the gRPC server will return an error to the client (see pkg/server/server.go)

Index ¶

func RegisterCallbacksAtInit(cbs Callbacks)
type Callbacks
type CreateContainerArg
type DummyHookRunner
- func (o DummyHookRunner) RunHooks(_ context.Context, _ *tetragon.RuntimeHookRequest) error
type Runner
- func GlobalRunner() *Runner
- func (r *Runner) RunHooks(ctx context.Context, req *v1.RuntimeHookRequest) error
- func (r *Runner) WithWatcher(watcher watcher.K8sResourceWatcher) *Runner

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RegisterCallbacksAtInit ¶

func RegisterCallbacksAtInit(cbs Callbacks)

RegisterCallbacksAtInit registers callbacks (should be called at init())

Types ¶

type Callbacks ¶

type Callbacks struct {
	CreateContainer func(ctx context.Context, arg *CreateContainerArg) error
}

type CreateContainerArg ¶

type CreateContainerArg struct {
	Req     *v1.CreateContainer
	Watcher watcher.K8sResourceWatcher
	// contains filtered or unexported fields
}

func (*CreateContainerArg) CgroupID ¶ added in v1.2.0

func (arg *CreateContainerArg) CgroupID() (uint64, error)

func (*CreateContainerArg) ContainerID ¶ added in v1.2.0

func (arg *CreateContainerArg) ContainerID() (string, error)

func (*CreateContainerArg) HostCgroupPath ¶ added in v1.3.0

func (arg *CreateContainerArg) HostCgroupPath() (string, error)

func (*CreateContainerArg) Pod ¶ added in v1.2.0

func (arg *CreateContainerArg) Pod() (*corev1.Pod, error)

func (*CreateContainerArg) PodID ¶ added in v1.2.0

func (arg *CreateContainerArg) PodID() (string, error)

type DummyHookRunner ¶

type DummyHookRunner struct{}

func (DummyHookRunner) RunHooks ¶

func (o DummyHookRunner) RunHooks(_ context.Context, _ *tetragon.RuntimeHookRequest) error

type Runner ¶

type Runner struct {
	// contains filtered or unexported fields
}

func GlobalRunner ¶

func GlobalRunner() *Runner

After RegisterCallbacksAtInit(), this function can be used to retrieve the Runner. Once this function is called, subsequent calls of RegisterCallbacksAtInit() will panic()

func (*Runner) RunHooks ¶

func (r *Runner) RunHooks(ctx context.Context, req *v1.RuntimeHookRequest) error

RunHooks executes all registered callbacks

func (*Runner) WithWatcher ¶

func (r *Runner) WithWatcher(watcher watcher.K8sResourceWatcher) *Runner

WithWatcher sets the watcher on a runner

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL